Entries in hashCollect
(2)

In a departure from the normal technical posts, I wanted to take a moment to put out a few announcements as I have been getting a lot of questions lately.

Announcement 1: TekDefense has partnered with Securabit to bring video content to the Securabit site. This does not mean that TekDefense is going away, only that you will now get even more content! The video series is called SecuraTip and will be a more concise version of TekTip. Additionally I will be writing articles for Securabit as I have for NOVA Infosec.

Annuncement 2: Through the partnership with Securabit, TekDefense is now sponsored by SANS.org. Using coupon code Securabit_Tek5 at checkout will give you 5% off any SANS.org course in any format (live, vlive, OnDemand).

With the #OpIsreal stuff going on right now there has been many more password dumps put out than usual. For instance using Andrew MohawksPasteLert web app I get alerted anytime there is a pastebin post that includes the hash e10adc3949ba59abbe56e057f20f883e. e10adc3949ba59abbe56e057f20f883e is the hash of the most common password: 123456. I set up the alert for this hash because it will catch password dumps regardless of the language. I admit there are some faults though, particularly if the site that the passwords are dumped from have password requirements that would not allow a password of 123456. The following is a graph that shows the typical number of dumps I see with these parameters:

As you can see, #OpIsreal has caused a significant uptick in the number of password dumps that include the hash for 123456.

My typical process once I get a hold of the dumps from these is I download the file, manually pull out the typical header data like the name of the operation and all the propaganda, then I use the cut command to pull out just the hashes. While this isn't too lengthy of a process, I am a lazy man. From this laziness, comes hashCollect.py.

HashCollect.py is a python tool I wrote that will scrape md5 hashes out of a specific file or url. While this script is pretty bare right now it gets the job done. I have many plans for it, that you will hopefully see soon.